Previous topic  Top  Next topic  Print this Topic
 

Modeling the Security Module Realm with OntoStudio

  

It is possible to edit the security ontology realm (which is ObjectLogic based) directly with OntoStudio. The schema of the security ontology is defined in $security-core.obl (which is per default in the "conf" directory). If you want to be able to edit the security ontology via OntoStudio you have to import the schema ontology. E.g.

:- module = '$security'.

:-prefix = "http://ontoprise.de/security#".

:-import = '$security-core'.

 

demo:User[hasRole->{m1all,m2read,foo}].

root:User[hasRole->allModules].

 

m1all:Role[hasReadPermission->m1; hasTempWritePermission->m1; hasWritePermission->m1].

 

m3read:Role[hasReadPermission->m3].

m3write:Role[hasWritePermission->m3].

foo:Role[hasPermission->'foo:*'].

The third line shows the required import. Here is a screenshot of the schema of the security ontology:

clip0001ob

The following excerpt shows the ObjectLogic source of the schema ontology:

:- version("2.0").

:- encoding("Cp1252").

 

:- module = $'security-core'.

 

 

// Concept hierarchy ------------------------------------

 

Module[].

Role[].

User[].

 

Role[hasReadPermission {0:*} *=> Module].

Role[hasWritePermission {0:*} *=> Module].

Role[hasTempWritePermission {0:*} *=> Module].

Role[hasPermission {0:*} *=> WildcardPermission].

User[hasRole {0:*} *=> Role].

 

SpecialPermission::WildcardPermission.

 

// Instances --------------------------------------------

 

"*":Module.

allModules:Role.

allPermissions:Role.

"ob:command:apicommands":SpecialPermission.

"ob:command:busy":SpecialPermission.

"ob:command:clear":SpecialPermission.

"ob:command:commands":SpecialPermission.

...

 

The most important concepts are:

User (a user can have multiple roles)
Role (a rule consists of zero or more permissions)
Module (known modules are instances of this concept)

To model your security ontology you also have to open the schema ontology and the ontologies for which you want to set the roles and permissions. Here is a screenshot of OntoStudio in which a security ontology is edited:

clip0001_ob

The changes in the security ontology (roles and permissions) are executed immediately when a permission/role is changed. Hence, it is possible to try out new permissions immediately by executing queries.